Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/3b5f4e-93ff-4dfb-b02d-dc2301fbbb7c/1/zjk_Q0cuhc64VIKYYz21Nn1FeuY.roa
File:                     zjk_Q0cuhc64VIKYYz21Nn1FeuY.roa (raw, json)
Hash identifier:          QT/lZQEqi1XWX7KpVpVaaWmL3tWknjlE6VhT8EYJkqk=
Subject key identifier:   CE:39:3F:43:47:2E:85:CE:B8:54:82:98:63:3D:B5:36:7D:45:7A:E6
Certificate issuer:       /CN=229a038176c796ea4f2769f6be3cace1a3597634
Certificate serial:       018CC3B686B76E7B4B41B26CFF7B7BFAFBFB
Authority key identifier: 22:9A:03:81:76:C7:96:EA:4F:27:69:F6:BE:3C:AC:E1:A3:59:76:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IpoDgXbHlupPJ2n2vjys4aNZdjQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/3b5f4e-93ff-4dfb-b02d-dc2301fbbb7c/1/zjk_Q0cuhc64VIKYYz21Nn1FeuY.roa
Signing time:             Mon 01 Jan 2024 06:29:28 +0000
ROA not before:           Mon 01 Jan 2024 06:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34722
IP address blocks:        185.160.16.0/24 maxlen: 24
                          185.160.17.0/24 maxlen: 24
                          185.160.16.0/22 maxlen: 22
                          185.160.19.0/24 maxlen: 24
                          185.160.18.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/3b5f4e-93ff-4dfb-b02d-dc2301fbbb7c/1/IpoDgXbHlupPJ2n2vjys4aNZdjQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/3b5f4e-93ff-4dfb-b02d-dc2301fbbb7c/1/IpoDgXbHlupPJ2n2vjys4aNZdjQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IpoDgXbHlupPJ2n2vjys4aNZdjQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:86:b7:6e:7b:4b:41:b2:6c:ff:7b:7b:fa:fb:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=229a038176c796ea4f2769f6be3cace1a3597634
        Validity
            Not Before: Jan  1 06:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ce393f43472e85ceb8548298633db5367d457ae6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:e6:53:d2:60:13:de:ba:7f:5a:bf:c6:bf:a3:
                    87:38:71:2f:c2:4f:99:c8:8e:4f:09:79:03:94:a8:
                    4e:c8:2b:73:af:4d:f6:34:0e:69:14:c1:ce:25:42:
                    24:c5:20:fc:33:8d:49:85:8a:15:8a:23:83:c6:28:
                    62:b8:11:6e:2f:8e:5f:12:5c:c4:aa:94:25:13:83:
                    e6:c8:4c:c0:a4:cc:4d:4d:74:08:41:02:09:17:24:
                    cc:f4:02:a9:de:f1:4c:ca:65:79:7d:3c:60:5b:83:
                    a8:25:13:7f:7f:ca:66:c1:7f:8e:f9:ed:d2:dd:4e:
                    f9:95:16:17:0b:06:3f:02:91:be:a1:0f:3e:b2:f3:
                    56:28:a3:db:44:6c:1e:b8:8b:28:6f:33:2d:c3:47:
                    cd:ac:2a:9b:c2:99:4b:ba:63:5d:29:5d:84:16:47:
                    9a:49:64:ed:74:f3:a9:4e:0c:66:c9:f8:3f:ff:29:
                    89:75:51:e1:70:d4:57:50:5c:06:f4:6c:d7:92:bd:
                    f2:4e:ac:c0:55:17:90:0d:7d:54:ce:7d:b5:e0:15:
                    7c:38:46:88:de:8f:79:88:54:56:c5:7a:44:d7:f0:
                    2f:60:98:2e:e2:f6:21:0a:7f:cb:31:ca:f1:eb:46:
                    21:24:39:61:ef:07:ca:da:c4:dd:7d:14:79:7e:6a:
                    b8:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:39:3F:43:47:2E:85:CE:B8:54:82:98:63:3D:B5:36:7D:45:7A:E6
            X509v3 Authority Key Identifier:
                keyid:22:9A:03:81:76:C7:96:EA:4F:27:69:F6:BE:3C:AC:E1:A3:59:76:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IpoDgXbHlupPJ2n2vjys4aNZdjQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/3b5f4e-93ff-4dfb-b02d-dc2301fbbb7c/1/zjk_Q0cuhc64VIKYYz21Nn1FeuY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/3b5f4e-93ff-4dfb-b02d-dc2301fbbb7c/1/IpoDgXbHlupPJ2n2vjys4aNZdjQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.160.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         37:fb:6e:57:84:4b:62:31:5b:1c:cf:97:a4:dc:4d:92:c3:32:
         08:53:76:f5:5c:a0:fe:3b:1d:01:5f:b4:55:08:f4:13:71:a7:
         ed:86:7e:aa:58:c2:71:49:44:2c:e1:71:bd:00:97:ff:af:ba:
         7b:33:4a:4e:37:cf:53:82:fa:45:0b:df:0c:95:c8:88:47:4d:
         c6:be:4b:c4:2d:02:d2:ca:75:9f:f6:22:65:c0:b1:66:ca:82:
         ca:0e:5a:a3:b6:37:e9:08:dd:4a:e8:d6:4e:fb:e9:60:cb:a8:
         f1:47:ce:4b:60:cb:10:95:95:f0:6e:da:1a:31:52:68:43:0d:
         7a:6a:55:a9:72:85:70:9e:53:5f:ec:50:6d:5c:4e:bc:ed:c7:
         cf:55:3c:33:52:71:0a:55:52:74:60:e6:33:e5:40:3c:0f:1c:
         e8:07:99:95:d8:9a:eb:04:53:69:07:25:93:2f:49:55:56:5c:
         f1:e8:04:c4:89:d7:6f:74:3b:98:94:78:0e:83:ef:3f:f8:9c:
         ec:a6:1d:16:07:63:ed:99:82:01:f5:48:cf:2c:2d:ba:87:78:
         71:a9:d4:b0:14:d6:bc:21:65:a7:71:3b:99:51:34:ba:e5:4d:
         8f:c9:5d:bc:94:54:b0:f5:b9:b5:44:35:cc:fd:e8:f4:f7:5f:
         8e:ee:06:3a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtoa3bntLQbJs/3t7+vv7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyOWEwMzgxNzZjNzk2ZWE0ZjI3NjlmNmJlM2NhY2UxYTM1
OTc2MzQwHhcNMjQwMTAxMDYyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTM5M2Y0MzQ3MmU4NWNlYjg1NDgyOTg2MzNkYjUzNjdkNDU3YWU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmeZT0mAT3rp/Wr/Gv6OHOHEvwk+Z
yI5PCXkDlKhOyCtzr032NA5pFMHOJUIkxSD8M41JhYoViiODxihiuBFuL45fElzE
qpQlE4PmyEzApMxNTXQIQQIJFyTM9AKp3vFMymV5fTxgW4OoJRN/f8pmwX+O+e3S
3U75lRYXCwY/ApG+oQ8+svNWKKPbRGweuIsobzMtw0fNrCqbwplLumNdKV2EFkea
SWTtdPOpTgxmyfg//ymJdVHhcNRXUFwG9GzXkr3yTqzAVReQDX1Uzn214BV8OEaI
3o95iFRWxXpE1/AvYJgu4vYhCn/LMcrx60YhJDlh7wfK2sTdfRR5fmq4eQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM45P0NHLoXOuFSCmGM9tTZ9RXrmMB8GA1UdIwQY
MBaAFCKaA4F2x5bqTydp9r48rOGjWXY0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXBvRGdYYkhsdXBQSjJuMnZqeXM0YU5aZGpRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS8zYjVmNGUtOTNmZi00ZGZiLWIwMmQt
ZGMyMzAxZmJiYjdjLzEvemprX1EwY3VoYzY0VklLWVl6MjFObjFGZXVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS8zYjVmNGUtOTNmZi00ZGZiLWIwMmQtZGMyMzAxZmJiYjdj
LzEvSXBvRGdYYkhsdXBQSjJuMnZqeXM0YU5aZGpRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuaAQMA0G
CSqGSIb3DQEBCwUAA4IBAQA3+25XhEtiMVscz5ek3E2SwzIIU3b1XKD+Ox0BX7RV
CPQTcafthn6qWMJxSUQs4XG9AJf/r7p7M0pON89TgvpFC98MlciIR03GvkvELQLS
ynWf9iJlwLFmyoLKDlqjtjfpCN1K6NZO++lgy6jxR85LYMsQlZXwbtoaMVJoQw16
alWpcoVwnlNf7FBtXE687cfPVTwzUnEKVVJ0YOYz5UA8DxzoB5mV2JrrBFNpByWT
L0lVVlzx6ATEiddvdDuYlHgOg+8/+Jzsph0WB2PtmYIB9UjPLC26h3hxqdSwFNa8
IWWncTuZUTS65U2PyV28lFSw9bm1RDXM/ej091+O7gY6
-----END CERTIFICATE-----